1. US warns against Android apps that
secretly listen in on your TV habits: An Indian firm called
SilverPush uses a technology called 'Audio Beacon Technology', which uses
inaudible audio waves in TV ads to track TV habits and link them with the mobile
user and his/her social-media activity. This technology is available as an SDK, which
Android app developers embed in their apps. The US has told 12 Android app
developers to declare their use of this technology, as failing to let customers
know violates the FTC Act. The technology runs silently in the background
whether or not the app is active.
2. Bangladesh Bank chief throws in the
towel after cyber-attack: The head of the Bangladeshi central bank has
resigned following the devastating cyber-attack in which a group of hackers
managed to steal at least $80 million from Bangladesh's New York-based Federal
Reserve account. The criminals infected the Bangladesh Bank's computer systems
with surveillance-based malware and, after watching transactions and learning
how the bank operated for a few weeks, decided to strike. It was only thanks
to a spelling mistake in one of the requests that bank officials became suspicious,
querying the transfers and blocking others in the list. If no one had noticed,
the criminals could have gotten away with up to $1 billion.
3. Lenovo start page pushed Angler: Another
webpage (startpage[.]lenovo[.]com) joins the long list of pages/sites that have
been compromised to silently redirect traffic to pages that install the
infamous Angler exploit kit, which subsequently leads to delivery of
TeslaCrypt ransomware. Last week it was Burrp[.]com
and the week before it was www[.]missmalini[.]com.
4. Pwn2Own 2016 - Chrome, Edge, and Safari
hacked: Pwn2Own is a computer hacking contest held annually, in which
contestants are challenged to exploit widely used software and mobile devices
with previously unknown vulnerabilities. Winners of the contest receive a cash
prize and other goodies. This year too, major browsers fell: security flaws in
Google Chrome, Microsoft Edge, and Apple Safari were all successfully
exploited. A total of $460,000 was awarded for 21 vulnerabilities across the
three browsers as well as Windows, OS X, and Flash. Last year's total was
$557,500.
5. Apple Fires Back At FBI Court Order: In a
legal brief filed last week, Apple
said the US founding fathers "would be appalled" by the Department of
Justice's (DOJ) order last month that Apple help bypass the security encryption
built into the iPhone. The two sides will meet before a magistrate judge this
Tuesday (March 22). Look for the ruling to be appealed, possibly all the way to
the Supreme Court.
6. Anonymous says it's hacking Trump: The
'hacktivist' collective Anonymous
claimed to have leaked personal details of the controversial US presidential
candidate Donald Trump, including his mobile phone number and Social Security
Number (SSN). The group posted a video condemning Trump. In response, a Trump
representative sought the arrest of the people responsible for attempting to
illegally hack accounts and telephone information.
7. Android Trojan infiltrates mobile
firmware: An Android Trojan which displays unwanted ads and
installs nuisance software on mobile devices has been discovered in the
firmware of smartphones and in popular Android applications. The adware, dubbed
Gmobi, has infected the firmware of at least 40 low-end smartphone models and
is present in a number of applications provided by well-known companies. Gmobi
is packaged as a tailored program in software development kits (SDKs) for
Google's Android platform and it is able to "remotely update the operating
system, collect information, display notifications (including advertising
ones), and make mobile payments."
8. Hackers can Silently Install Malware in
Non-Jailbroken iOS Devices: A new strain of malware designed for the
iPhone and iPad poses a major risk to hundreds of millions of devices, because
it can infect non-jailbroken devices without the user's knowledge. The Trojan,
dubbed AceDeceiver, installs itself on iOS devices without enterprise
certificates and exploits design flaws in Apple's digital rights management
(DRM) protection mechanism called FairPlay. Attackers purchase an app from the App
Store, then intercept and save the authorization code. They then developed a fake
iTunes that tricks iOS devices into believing the app was purchased by the victim and
thus installs potentially malicious apps without the user's knowledge.
9. 3 reasons why tax refund fraud
thrives: A popular scam, in which criminals file fake income-tax
returns to collect fraudulent refunds, is on the rise in 2016 as well. It
largely thrives because 1) almost all tax returns are now online, 2) personal
information is widely leaked, and 3) the risk of getting caught or being
prosecuted for the crime is low. Storage firm Seagate
Technologies and social media firm Snapchat
are among the companies that recently announced that their employees had
inadvertently given fraudsters their workers' W-2 (Form 16) information.
10. Flipkart CEO Binny Bansal's email
'spoofed', attempt to steal $80,000: The email account of Binny
Bansal, CEO of e-commerce giant Flipkart, has reportedly been 'spoofed' and an
attempt made to steal $80,000 using his email address. The incident took place
two weeks ago, when a seemingly official mail (typosquatting)
went from Bansal to the company's CFO Sanjay Baweja asking him to transfer
$80,000. The crime-in-progress was stopped after Baweja, noting the oddity of
the request, checked with Bansal in person. Flipkart said an official complaint
has been lodged with the police. Police sources said that the spoof mails
originated from Hong Kong and Canada using a server in Russia.